Task

Symantec System Center

Symantec Endpoint Protection Manager

Configure LiveUpdate to work with an internal LiveUpdate server

Right-click the server, and click All Tasks > LiveUpdate > Configure, and configure settings for your internal LiveUpdate server.

* On the Policies tab, click LiveUpdate, and either edit an existing policy or create a new policy. In the policy, click Server Settings, check Use a LiveUpdate server, and configure settings for your internal LiveUpdate server.

Download product updates

Not done through Symantec System Center or LiveUpdate. Patches must be downloaded manually.

* On the Policies tab, click LiveUpdate, and either edit an existing policy or create a new policy. In the policy, under Windows Settings > Server Settings, check Use a LiveUpdate server. For either Windows or Mac, under Advanced Settings, check Download Symantec Endpoint Protection product updates using a LiveUpdate server.

For Small Business Edition, you can enable product updates for Mac clients only. On the Policies tab, click LiveUpdate, and either edit an existing policy or create a new policy. In the policy, under Mac Settings > Advanced Settings, check Download Symantec Endpoint Protection product updates using a LiveUpdate server.

Force a content update

Right-click the desired target, then click All Tasks > Symantec AntiVirus > Update virus definitions now.

On the Clients (or Computers) tab, right-click the client group, click Run a command on the group > Update Content. This will prompt the computers to run LiveUpdate.

Schedule LiveUpdate

Right-click the desired target, then click All Tasks > Symantec AntiVirus > Virus Definition Manager.

On the Policies tab, click LiveUpdate, and either edit an existing policy or create a new policy. In the policy, for Windows and/or Mac, click Schedule.

Task

Symantec System Center

Symantec Endpoint Protection Manager

Change client roaming options

Right-click the desired target, then click All Tasks > Symantec AntiVirus > Client Roaming Options.

* Location Awareness, which acts similarly to roaming failover, is enabled by default. To change the options, on the Clients tab, click the group, then, in the right pane, select the Policies tab. Under Location-Independent Policies and Settings, click General Settings, and enable or disable Location Awareness. To create new locations, on the Clients > Policies tabs, under Tasks, click Add Location.

Configure client Auto-Protect options

Right-click the server, and click All Tasks > Symantec AntiVirus > Client Auto-Protect Options.

On the Policies tab, click Virus and Spyware Protection, and either edit an existing policy or create a new policy. In the policy, configure the options for Windows and/or Mac under Protection Technology > Auto-Protect.

Configure Reporting server and agent

Open the Reporting section in the Symantec System Center tree, and unlock the server you want to configure.

For notifications:
On the Monitors tab, click Notifications.

* For database maintenance:
On the Admin tab, click on Servers, then select localhost (or the database name, if a SQL Server database), click Edit Database Properties. The database maintenance tasks are on the General tab.

Create client firewall exceptions

Edit the firewall policy with the Symantec Client Firewall Administrator tool, and then deploy the changes with Symantec System Center.

On the Policies tab, click Firewall. Either edit an existing policy or create a new policy. In the policy, click Rules > Add Rule, and follow the steps in the wizard.

For Small Business Edition, on the Policies tab, click Firewall. Either edit an existing policy or create a new policy. In the policy, click Firewall Rules, then click Customize the default settings. Under Rules, click Rules > Add Rule, and follow the steps in the wizard.

Disable client email scanning

Right-click the server, and click All Tasks > Symantec AntiVirus > Client Auto-Protect Options. Disable and lock the options on the Internet Email, Microsoft Exchange, and Lotus Notes tabs.

On the Policies tab, click Virus and Spyware Protection, and either edit an existing policy or create a new policy. In the policy, disable and lock scanning under Windows Settings > Email Scans > Internet Email Auto-Protect, Microsoft Outlook Auto-Protect, and/or Lotus Notes Auto-Protect*.

Disable startup scans and QuickScans

Right-click the desired target, then click All Tasks > Symantec AntiVirus > Client Administrator Only Options. On the Scans tab, change the scan options.

On the Policies tab, click Virus and Spyware Protection, and either edit an existing policy or create a new policy. In the policy, under Windows Settings > Scheduled Scans > Administrator-Defined Scans, on the Advanced tab, change the options under Startup and Triggered Scans.

Disable Tamper Protection

Right-click the desired target, then click All Tasks > Symantec AntiVirus, and click either Client or Server Tamper Protection Options.

On the Clients tab, click the desired group. In the right pane, click the Policies tab. Under Location-Independent Policies and Settings, click General Settings. On the Tamper Protection tab, uncheck Protect Symantec security software from being tampered with or shut down, and then lock it.

For Small Business Edition, on the Computers tab, click the desired group. In the right pane, select the Policies tab. Under Other Policy Settings, next to Tamper Protection and Submissions, click Edit Settings. On the Tamper Protection tab, uncheck Protect Symantec security software from being tampered with or shut down, and then lock it.

Enable or disable the icon in the Windows notification area (the system tray)

Right-click the server, click All Tasks > Symantec AntiVirus > Client Administrator Only Options, and uncheck Show Symantec AntiVirus Icon on Desktop.

* On the Clients tab, click the desired group. In the right pane, click the Policies tab. For the Default location (or alternate desired location), under Location-specific Policies and Settings, expand Location-specific Settings. Next to Client User Interface Control Settings, click Server Control. In the dialog, next to Server Control, click Customize..., and check or uncheck Display the notification area icon.

Schedule a scan

Right-click the desired target, then click All Tasks > Symantec AntiVirus > Scheduled scans.

On the Policies tab, click Virus and Spyware Protection, and edit or create a policy.  Under Windows and/or Mac, click Scheduled Scans > Administrator-Defined Scans. On the Scans tab, click Add... to create a new scan, or Edit... to alter an existing scan. Follow the on-screen instructions.

Set global exclusions

Set Auto-Protect exclusions in either Client Auto-Protect Options or Server Auto-Protect Options. Set scheduled scan exclusions when you create or edit the scan. Local scans cannot have exclusions configured remotely.

On the Policies tab, click Exceptions, and either edit an existing policy or create a new policy.

Set the amount of time before logs are purged

Right-click the desired target, then click All Tasks > Symantec AntiVirus > Configure History.

* On the Clients tab, click the desired group, then, in the right pane, click the Policies tab. Under Location-Independent Policies and Settings, under Settings, click Client Log Settings.

Set the amount of time before quarantined items are purged

Right-click the desired target, then click All Tasks > Symantec AntiVirus > Quarantine Options > Purge Options.

* On the Policies tab, click Virus and Spyware Protection, and either edit an existing policy or create a new policy. In the policy, under Windows Settings > Advanced Options > Quarantine, click the Cleanup tab.

Update the firewall policy

Right-click the server, click All Tasks > Symantec Client Firewall > Update All Policy Now, and then follow the steps in the wizard.

When you make changes to a policy and then click OK to save the changes, the client receives the new policy when it next checks in.

When you create a policy, you are prompted to assign it to a group or groups. To assign a policy to a group after it is created, on the Policies tab, click Firewall. In the right pane, click an existing policy. Under Tasks, click Assign the policy.

Note: This behavior applies to all policies, not just the Firewall policy.

Task

Symantec System Center

Symantec Endpoint Protection Manager

Deploy clients

On the Tools menu, click ClientRemote Install, and follow the steps in the wizard.

You can deploy client protection to servers and workstations using the Client Deployment Wizard. To access it, on the Home tab, on the Common Tasks drop-down list, select Install protection client to computers. You have the option to configure which components you install to the client computers while using this wizard.

* Alternately, you can export installation packages manually. On the Admin tab, in the lower left pane, click Install Packages. Under Install Packages, you have the option to customize Client Install Settings (installation settings) and Client Install Feature Set (installation components). Under Client Install Package, click the desired package in the right pane. Under Tasks, click Export a Client Install Package... and follow the on-screen instructions to export a package to your specifications. See the Installation and Administration Guide PDF that came with Symantec Endpoint Protection for more information.

Deploy servers

On the Tools menu, click AntiVirus Server Rollout, and follow the steps in the wizard.

Symantec Endpoint Protection replaces the antivirus server with the Symantec Endpoint Protection Manager, which is intended to not only manage the client computers (server and workstation alike), but to act as a source of content. (At this time, the Symantec Endpoint Protection Manager only hosts and provides content to Windows client computers through the check-in (or heartbeat) process. Macs must obtain virus and spyware definitions via LiveUpdate.)

* You can implement multiple management consoles or Group Update Providers in lieu of of secondary antivirus servers.

Create client groups

Right-click the group folder, and click New Group.

On the Clients (or Computers) tab, right-click the desired parent group (such as My Company), then click Add a group, and fill out the required fields.

Task

Symantec System Center

Symantec Endpoint Protection Manager

Clear infected status

Right-click the desired target, then click All Tasks > Symantec AntiVirus > Clear Risk Status.

Security Status alerts are reset automatically after 12 hours. This time frame can be changed in the Security Status preferences. Other indications that a threat was found remain in the logs.

Disable Auto-Protect

Right-click the desired target, then click All Tasks > Symantec AntiVirus > Client or Server Auto-Protect Options.

On the Policies tab, click Virus and Spyware Protection, and either edit an existing policy or create a new policy. In the policy, for Windows and/or Mac, under Protection Technology > Auto-Protect, uncheck and lock Enable Auto-Protect.

Disable the firewall

Create a policy with the firewall disabled. To distribute the policy from within Symantec System Center, right-click the desired target, then click All Tasks > Symantec Client Firewall > Update Client Policy Now.

On the Clients (or Computers) tab, right-click the group, click Run a command on the group > Disable Network Threat Protection.

Force a global or a group scan

Right-click the desired target, then click All Tasks > Symantec AntiVirus > Start Virus Sweep or Start Manual Scan.

On the Clients (or Computers) tab, right-click the client group, click Run a command on the group > Scan or Update Content and Scan. (Update Content will prompt the client computer to launch LiveUpdate.)

Purge Quarantine

Right-click the desired target, then click All Tasks > Symantec AntiVirus > Logs > Risk History, select the risk, and then click Delete.

* On the Monitors tab, on the Logs tab, under Log type, select Risk, and then click View Log. Select the entries for the items you wish to delete. Next to Action, select Delete from Quarantine, and then click Apply.

Task

Symantec System Center

Symantec Endpoint Protection Manager

Determine how many clients are on the network

Unlock the server group, then highlight the managing server to see what clients the server manages.

On the Home Tab, under Endpoint Status, the Total Endpoints are listed. You can click on Up-to-date, Out-of-date, Offline and Disabled for specifics.

To view the clients in a specific group, you can click Clients (or Computers), select a client group, and click on the Clients tab in the right pane.

Determine the virus definition version on the clients

In the AntiVirus view, select the managing server, and look in the Definitions column.

On the Reports tab, click the Quick Reports tab. Under Report type, select Computer Status. Under Selected Report, select Virus Definition Distribution. Click Create Report.

To view the virus definition of clients in a specific group, you can click Clients (or Computers), select a client group, and click on the Clients tab in the right pane. On the View drop-down lilst, select Protection technology. Scroll to the right until you locate the Virus Definitions column.

Determine what version of the software is running on each client

In the AntiVirus view, select the managing server, and look in the Versions column.

On the Reports tab, click the Quick Reports tab. Under Report type, select Computer Status. Under Selected Report, select Symantec Endpoint Protection Product Versions. Click Create Report.

Determine whether threats have been detected

An alert icon appears on the affected computer and group. Right-click the desired target, then click Logs > Risk History.

This information is displayed on the Monitors tab; click on the Summary tab. For details, click the Logs tab. Next to Log Type, select Risk, and click View Log.

Find computers and audit the network

On the Tools menu, click Find Computer, and click the Audit Network tab.

The Client Deployment Wizard, using the Remote Push deployment option, can find the computers in your network to which you want to install the client. This includes those computers that are not managed, managed by another computer, or have no security software installed to it at all.

* Unmanaged Detectors can detect unprotected client computers. For more information on using Unmanaged Detectors, see the article "What does it mean to set a client as an Unmanaged Detector?"

View client firewall logs and events

Right-click the server, and click All Tasks > Symantec Client Firewall > Logs.

On the Reports tab, click the Quick Reports tab. Under Report type, select Network Threat Protection. From the Select a Report menu, you can select the desired report.

View logs and configure log forwarding

Right-click the server, and click All Tasks > Symantec AntiVirus > Logs.

To view logs:
On the Monitors tab, click the Logs tab. Select from the Log Type drop-down menu.

* To configure log forwarding to a Syslog server, or export to a file:
On the Admin tab, under Servers, click Local Site. Under Tasks, click Configure External Logging.

* To configure log settings:
On the Admin tab, under Servers, click localhost (or the database name, if a SQL Server database). Under Tasks, click Edit Database Properties, then click the Log Settings tab to change the settings from the default.

* To configure log handling:
On the Policies tab, under View Policies, click Virus and Spyware Protection, and either edit an existing policy or create a new policy. In the policy, under Windows Settings > Advanced Options, click Miscellaneous, and then click the Log Handling tab.